This past fall, AZBigMedia hosted a panel of Arizona Cyber Security experts at the AZ Tech Talk, moderated by UAT’s very own Data Privacy expert, Dr. Dave Bolman, University of Advancing Technology’s Provost and Chief Academic Officer. The panel was brought together to provide critical information to Arizona individuals, businesses, and schools on the rising concern of data privacy, how to safeguard systems to prevent a cyber security breach from occurring, where to find cyber security resources and how to get help after a cyber-attack of at any level has occurred.
Panelists at the AZ TechTalk with Dr. Dave Bolman included: Ori Eisen, the founder and CEO of Trusona; Heather Monthie, PhD, Associate Dean of the College of Science, Engineering and Technology at GCU; Sean Moshir, the CEO and co-founder of CellTrust; Greg Schu, a Partner at BDO; and Steve Zylstra, the President and CEO of the Arizona Technology Council.
In honor of Data Privacy Day, UAT is relaying five key points from the highly-respected moderator and panelists’ discussion, delivering a helpful guide for readers to apply in their own cyber security practices.
“If you want to understand cyber security, you have to understand what it’s all about — you have the entire world right there at your doorstep at any moment. The world has transformed into digital belongings that can more can be easily taken away. Just like you protect your physical belongings, you need to protect your digital assets”, said AZ Tech Talk panelist, Sean Moshir.
1. Data Privacy Education
The most critical topic discussed throughout the TechTalk panel relates to individuals and businesses alike, but many are confused about where to start. One panelist suggested a simple Google search to find a massive amount of helpful tips and information on the topic of Data Privacy Education.
Sean Moshir stressed, “Continue to adapt, learn how to take advantage of technology to protect yourself and others. Protection comes from education. The number one most important thing in cyber security that I have seen in my life is education for the employees. How you educate your employees, how you have policies, how you write policies, how you enforce those policies and making sure your company is compliant.”
"Data Privacy and Cyber Breach prevention education doesn’t have to be complex or expensive," Greg Schu explains, “Educate employees with very simple processes. If you’re an organization, there are very straightforward processes you can put in place. If you don’t have a plan in place, call your professional friends at reputable firms; they may have done this before and have things that work for them. There are so many things you can do where you don’t have to spend any money. If you have a family or friend into tech, get them to at least help you with your backups. If something goes wrong, at least you have a way to recover without paying ransomware,” said Schu.
Additionally, aside from the (often free) Firewall, AntiVirus, Anti-Spam and other basic protections you can have on your devices to protect your data (including having a backup strategy in place) the following tips are the most important practices to educate your family and employees in order to maintain a strong, proactive data privacy force at home and work.
2. Standard Password Best Practices
If you’re still using weak or the same passwords from several years ago for several accounts, you’ve likely already been hacked whether you know it yet or not. Use complex, original passwords for every account that have nothing to do with anyone’s names or addresses, birthdates, etc. Make really tricky passwords, especially the ones housing your confidential information such as financial, social security number, or other personal data that could be stolen and used for identify theft.
Also, change them frequently, even every time you log in if you want to be overcautious about it. Don't write them down on a sticky note or even lock them in spreadsheet on your computer, as these can be very easy ways for someone to access your data. To make coming up with new, original and complex passwords and remembering them easier, use a password generator and a secure password storage application.
Passwords of the Future
Although you’ve likely heard these tips before, in the high-level AZ Tech Talk panelist conversation, the current state of passwords were ignored. Only the passwords of the future were discussed because of how easily hackers are getting through our standard cyber security practices. The future of passwords is still undeclared but there is hope of a new, safer way forward to protect our data. However, you should still keep up with password best practices in order to utilize what’s available at this time.
During the TechTalk, Ori Eisen addressed the complex topic of the future of passwords with, “As a person that works everyday to replace passwords, how many people that have great technology we’re taking with us everywhere, let’s use that. It’s time to get rid of passwords. Biometrics are awesome as long as you don’t replay them. At the end of the day it’s converted to 0’s and 1’s. computer listening to 0’s and 1’s of my fingerprint or facial scan — anything that goes from analog to digital can be stolen and used maliciously.”
3. Add Extra Layers of Data Protection Security
Until a safer option of biometrics has been developed or the next option for passwords have been implemented, add extra layers of security to your accounts. Enable some form of Multi-Factor Authentication whenever possible on all accounts. This at least provides an extra level so even if someone does have your password, if they’re trying to login from a device that isn’t yours, you’ll get an alert and be able to stop the action in a timely manner. There are ways hackers can get around this but for most situations, it’s an additional way to keep them out.
Identify Theft Protection
Some Identify Theft Protection providers will monitor the dark web for breaches of your information, but all will report malicious activity associated with your data. It makes the process go a lot faster and smoother if you have this in place when a breach does occur. Think of it as your digital accidental insurance policy, similar to car insurance if you get in a fender-bender, when someone takes over your personal identity with malicious intent.
Data Privacy Insurance For Businesses
The Arizona Tech Council’s President & CEO, Steve Zylstra, stated that “Business-focused insurance companies used to have cybersecurity in their general liability policies, but they took it out so if you’re not sure if you have it, you don’t.”
It’s critical to have insurance and protection in place in order to not only lose data and trust from customers but your business altogether. According to IBM, The average financial cost of a data breach is $3.92 million, and Joe Galvin, a Chief Research Officer for Vistage, reported that 60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack.
Zylstra also explained that when shopping for data privacy insurance, “You want to make sure your insurance covers everyone involved in the business. Some insurance policies won’t cover the management team.”
4. “Don’t Be Click-Bait”
AZ TechTalk Panelist Tom Eisen shared the phrase, “Curiosity killed the cat” while on the topic of not clicking on everything interesting that comes your way online. “In terms of protecting your data, don’t be curious and click on the latest celebrity article. Unfortunately, that leads you to ways hackers can put malware on your computer.”
In a more personalized sense, also don’t fall for the Facebook messenger notification appearing to be from your friend asking, “is this you in this video?” attached with a video link. “Instead of being curious, be cautious first", Eisen said.
5. Keep an Eye Out For Phishing
Phishing is the most common way people lose their data privacy. Retruster’s 2019 Phishing and Email Fraud Statistics report states that Phishing accounts for 90% of all data breaches. Just in the last year, 76% of businesses reported being a victim of a phishing attack, 30% got opened by the targeted recipients and 15% of people successfully phished will be targeted at least one more time within the year.
Common Email Scams
To avoid being caught in a phishing trap, it is recommended to check the sender’s email address to ensure its correct. Hover over any link to check to see if it’s a valid and a secure link, an HTTPS link that matches and makes sense for who it should be from. For example, if your bank sends you an email and the email address or link within the email is off by a letter, a number, or has a random dot where it shouldn’t, never click on anything. Today, there are many ways people can spoof email addresses to look like the real deal as well, so always be cautious. Never log in to any account from an email.
The CEO Phishing Scam
Also ensure that the email from your boss asking you "Are you are in the office? I need you to do me a favor", is really from your boss. When in doubt, go directly to that person, pick up the phone or send a text to verify to make sure – and alert them if you believe you received a phishing email. Your boss will be appreciative when you didn’t follow a spoof request to wire all of the company’s funds to a random oversees account or spend a massive amount of money on gift cards.
What To Do When You Lose Your Data Privacy
How you handle a breach of your data is just as important as the steps you take to prevent it. Whether the company you have an account with was hacked, your personal email, or your business and customer data was compromised, how you recover can look different. Depending on your situation determines your next steps forward.
Firstly, change your passwords to any/all accounts associated with the breach. Check your bank statements, credit cards, credit reports for any malicious activity and report any issues to the designated customer services where the breach occurred.
The Tech Talk panel recommended that if this isn’t your area of expertise, call (and vet) a personal or professional IT Support specialist, just like you would your landscaping provider. If it’s your business, your internal IT department should be equipped to handle it, otherwise call on a reputable IT Support or Cybersecurity company to help you handle the procedures required for your industry and organization’s compliance regulations. Hopefully, you also backed up your data in case of a ransomware situation.
If you’re a school, reach out to your local community of IT experts if you need help. Contact the local Technology Council to find information on resources. In Tempe and the surrounding Phoenix area, University of Advancing Technology offers itself as a resource of support to local businesses. As the first and leading Cyber Higher Education resource in Arizona and the Southwest, Dr. Dave Bolman offered, “I invite any of Arizona’s public, charter, or private K-12 school that needs cyber security assistance and resources to reach out to me at email@example.com”.
Why it’s Important to Report a Breach of Data
US businesses are required to report a breach to law enforcement soon after it occurs as well as notify customers. For customers, it’s important to explain what information or data of theirs was potentially breached in addition to how they can attempt to re-secure their accounts. In addition to reconciling with your customers, the AZ Tech Talk panel recommends to inform other businesses in order to prevent it from happening to them.
If your business is in Arizona, Tech Council’s Steve Zylstra recommends to “Join the Arizona Cyber Response Alliance, where if you’re hacked, you share info with other organizations to help others prevent against the breach. This supports and gets the community collaboration going as well as gives you access to lots of resources in the community."
Greg Schu also commented, “When hackers find vulnerabilities, they share that with other hackers. If we’re not sharing gateways with others, we’re putting ourselves at risk.”
Lastly, Don’t Give Up on Technology
Hackers are getting more resourceful, creative, and relentless. It’s not expensive to hack anymore and the more data they have on you, the more they know you and the easier it is to get you to fall for their phishing schemes. A hacker “could be anyone. You can literally google “how do I hack”. There’s money to be made to teach people how to hack. In today’s world, hackers are business oriented and becoming more formalized. People punch a clock.“, Greg Schu alarmingly shared.
That isn’t the reason to go off grid, however. Ori Eisen inspiringly stated, “If you give up the convenience we have from the internet, we are already at loss. I don’t think that should be on the table. If it was, we wouldn’t know how to drive home from anywhere. On the serious side, what are things you can do everyday and where do you start? It can be so overwhelming.” The answer is to be mindful.
Eisen goes on to give questions to start asking yourself including: “What’s the most common denominator for keeping everyone around you safe? How are you protecting yourself today? How can you get rid of things that expose your data? How can you make it easier for your customers to be secured? Is there is a limit to what people want and can do? If you just start there, you can start to remove several obstacles that could pose a risk to your data privacy.”
Questions? Reach out to UAT!
Data Privacy is a rising concern among organizations and individuals alike and taken very seriously by University of Advancing Technology (UAT). UAT was one of the first universities in the nation to offer a Network Security education and the Cyber Warfare range was even partially funded by the Department of Defense. UAT has been designated for over 13 years as a Center of Academic Excellence (CAE) by the National Security Agency (NSA) for its Cyber Education. Our 100% STEM University currently offers three Bachelor’s degree programs and a Master of Science in Cyber Security, and is recognized for creating true cyber security leaders of integrity. UAT has also prepared more graduates with a NSA and CAE-credentialed education than any other program in Arizona and the Southwest.
Learn more about our Advanced Cyber Security Bachelor and Master of Science degree offerings.
To call for Dr. Dave Bolman or any tech expert at University of Advancing Technology for future moderator bookings, speaking engagements, or panelist opportunities, please reach out with your request to firstname.lastname@example.org.
If you think this article could help someone you know better protect their data privacy, please share with your friends, family, co-workers and connections!